in-toto / apt-transport-in-toto

in-toto transport for apt

Foxboron/rebuild checking #4

Closed Foxboron closed 5 years ago

Foxboron commented 5 years ago

This does a few things

Partially implements #3

Foxboron commented 5 years ago

> In general I think we should make the config/message parser a little bit more robust, so that we don't get IndexErrors or the like, for unexpected message formats, both from apt/http transport or the rebuilders (not so unlikely :)).

Yes. This was mostly intended as a simple POC. I'll improve a bit on it before the summit and add some more documentation as noted.

> As discussed yesterday, the checksum match should be performed in the course of in-toto verification... It's still helpful to see how you talk to the rebuilder.

I agree, I just thought a simple checksum match would be beneficial to just lay out how global_info URI_ACQUIRE and URI_DONE work together. It works as a sort of first iteration thingie.

> If it's okay for you, I will take over, cherry-picking your commits except for the last one, and add some in-toto verification. We can leave this PR open for now (to keep my comments around) and decide later how to merge.

Feel free :)
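The parser robustness point raised in the comment above, as an added example (not code from this PR or from the project): a message parser that turns every unexpected shape into one explicit error instead of an IndexError. It assumes apt method messages are a `NNN Description` status line followed by `Name: value` lines; `parse_message`, `require_field` and `MalformedMessage` are hypothetical names.

```python
import re

# Status line: three-digit code, one space, free-text description.
_STATUS_RE = re.compile(r"^(\d{3}) (.+)$")


class MalformedMessage(ValueError):
    """Raised for any message that does not match the expected shape."""


def parse_message(raw):
    """Parse one message block into (code, description, fields).

    fields is a list of (name, value) pairs so repeated names survive
    (e.g. several 'Config-Item' lines in a '601 Configuration' message).
    """
    if not isinstance(raw, str):
        raise MalformedMessage("message must be text")
    lines = raw.strip("\n").split("\n")
    match = _STATUS_RE.match(lines[0].rstrip("\r"))
    if match is None:
        raise MalformedMessage("bad status line: %r" % lines[0][:80])
    fields = []
    for line in lines[1:]:
        line = line.rstrip("\r")
        name, sep, value = line.partition(":")
        # partition() never raises; an absent separator or empty name is
        # reported here instead of surfacing later as an IndexError.
        if not sep or not name.strip():
            raise MalformedMessage("bad header line: %r" % line[:80])
        fields.append((name.strip(), value.strip()))
    return int(match.group(1)), match.group(2), fields


def require_field(fields, name):
    """Return the single value for name, or fail if absent or repeated."""
    values = [v for n, v in fields if n == name]
    if len(values) != 1:
        raise MalformedMessage("expected one %r, got %d" % (name, len(values)))
    return values[0]


# Constructed sample input, not captured from a real apt session.
SAMPLE_ACQUIRE = (
    "600 URI Acquire\n"
    "URI: http://example.invalid/pool/p.deb\n"
    "Filename: /tmp/p.deb\n\n"
)
```

A caller would catch `MalformedMessage` at the read loop and fail the acquire, so a malformed reply from apt or a rebuilder cannot be mistaken for a successful one.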

lukpueh commented 5 years ago

@Foxboron, thanks for your quick reply. Your PR is a perfect POC. I just wanted to point out those things, so that we don't forget. ;)